Microsoft warns of economic damages caused by Iran-linked hackers

Researchers at Microsoft warn of damages caused by cyber operations conducted by Iran-linked cyberespionage groups.

Security experts at Microsoft are warning of economic damages caused by the activity of Iran-linked hacking groups that are working to penetrate systems, businesses, and governments worldwide.

According to Microsoft, the attackers already caused hundreds of millions of dollars in damages by stealing secret data and wiping information from computer networks of 200 companies over the past two years.

The experts estimated the attacks caused hundreds of millions of dollars in damages.

“Researchers for tech giant Microsoft said the attackers stole secrets and wiped data from computer networks after targeting thousands of people at some 200 companies over the past two years, according to The Wall Street Journal.” reported the AFP press agency.

According to the Wall Street Journal, the cyberattacks hit organizations in the energy industry, most oil-and-gas firms, and makers of heavy machinery. The Iran-linked hackers hit organizations in several countries, including Saudi Arabia, Germany, the United Kingdom, India, and the U.S..

Researchers attributed the attacks to an Iran-linked group tracked by Microsoft as Holmium (aka APT33) that has been around since at least 2013. Since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production.

Microsoft observed Holmium cyber espionage group carrying out spear-phishing attacks against more than 2,200 people with the intent to deliver malicious code.

John Lambert, the head of Microsoft’s Threat Intelligence Center defined the attacks as “massively destabilizing events.”

In 2017, security firm FireEye observed the APT33 group targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea.

In 2018, the Iran-linked group continued to be very active, security researchers at Cyberbit discovered the Early Bird code injection technique used by the threat actors to inject the TurnedUp malware into the infected systems evading security solutions.

Security experts warn of the increased cyber capabilities of Iran-linked cyber espionage groups, a few days ago PaloAlto Networks published an analysis that revealed the Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Iran-linked hackers, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.